cve-2014-6332

About this tag
CVE-2014-6332 is a Microsoft Windows OLE Automation Array remote code execution vulnerability. It affects Windows Vista, 7, 8, 8.1, RT, RT 8.1, and multiple Windows Server editions. The flaw resides in the OleAut32.dll library's SafeArrayRedim function, which can be exploited when a user views a specially-crafted web page in Internet Explorer. This allows an attacker to execute arbitrary code on the target system. The vulnerability was disclosed in November 2014 and is associated with US-CERT alert TA14-318B. Discussions on WindowsForum.com cover the affected systems, technical details, and mitigation steps for this security issue.
  1. TA14-318B: Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability

    Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A vulnerability in Microsoft Windows Object Linking and Embedding (OLE) could allow...